Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Back-to-School Cyber Safety

Original release date: August 10, 2018 As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in...
Auteur: US Cert

North Korean Malicious Cyber Activity

Original release date: August 09, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S....
Auteur: US Cert

VU#962459: TCP implementations vulnerable to Denial of Service

Vulnerability Note VU#962459 TCP implementations vulnerable to Denial of Service Original Release date: 06 Aug 2018 | Last revised: 16 Aug 2018 Overview The Linux kernel versions 4.9+ and supported versions of FreeBSD are...
Auteur: US Cert

VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Vulnerability Note VU#307144 mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR Original Release date: 03 Aug 2018 | Last revised: 03 Aug 2018 Overview mingw-w64 produces a...
Auteur: US Cert

VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Vulnerability Note VU#304725 Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange Original Release date: 23 Jul 2018 | Last revised: 17 Aug 2018 Overview Bluetooth...
Auteur: US Cert

VU#338343: strongSwan VPN charon server vulnerable to buffer underflow

Vulnerability Note VU#338343 strongSwan VPN charon server vulnerable to buffer underflow Original Release date: 23 May 2018 | Last revised: 13 Jun 2018 Overview strongSwan VPN's charon server prior to version 5.6.3 does not...
Auteur: US Cert

VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

Vulnerability Note VU#180049 CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks Original Release date: 21 May 2018 | Last revised: 19 Jun 2018 Overview CPU hardware utilizing...
Auteur: US Cert

VU#122919: OpenPGP and S/MIME mail client vulnerabilities

Vulnerability Note VU#122919 OpenPGP and S/MIME mail client vulnerabilities Original Release date: 14 May 2018 | Last revised: 15 May 2018 Overview Mail clients may leak plaintext messages while decrypting OpenPGP and S/MIME...
Auteur: US Cert

VU#631579: Hardware debug exception documentation may result in unexpected behavior

Vulnerability Note VU#631579 Hardware debug exception documentation may result in unexpected behavior Original Release date: 08 May 2018 | Last revised: 06 Jun 2018 Overview In some circumstances, some operating systems or...
Auteur: US Cert

VU#283803: Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

Vulnerability Note VU#283803 Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") Original Release date: 03 May 2018 | Last revised: 03 May 2018 Overview Some platforms with integrated GPUs, such...
Auteur: US Cert

VU#974272: Microsoft Outlook retrieves remote OLE content without prompting

Vulnerability Note VU#974272 Microsoft Outlook retrieves remote OLE content without prompting Original Release date: 10 Apr 2018 | Last revised: 10 Apr 2018 Overview When a Rich Text (RTF) email is previewed in Microsoft...
Auteur: US Cert
First18192021222324252627

Événements SSI